J
Jesper
Im creating a host application (a game) which allows for users to supply a
custom computer AI. This will be in the form of a plugin assembly which
supports a specified interface. So the host will call interface functions in
the plugins like PerformMove(GameState gs). The host application is a
trusted application that runs on a server, and users upload plugins to this
server, but I can't trust the plugins.
PlugIn:
- Must adhere to a specific public interface.
- Is allowed to create and maintain private state information, to be used
between calls.
- Is not allowed access to I/O, Networks, Other processes, etc.
- Will recieve some objects by reference form the host, but has only read
capabilities on these objects. If this is not possible, it will recieve
objects by value only.
Host:
- Can kill any plugin process/thread that takes too long time.
- Can kill any plugin process/thread that takes too much memory (or maybe
limit the allowed memory size at creation of the plugin process?)
- In order to allow the host enough control over the plugin to be able to
kill it, I expect to have to run the plugin functions in a different thread
or process.
I'm pretty new to security, so how would you set up these plugins,
securitywise?
custom computer AI. This will be in the form of a plugin assembly which
supports a specified interface. So the host will call interface functions in
the plugins like PerformMove(GameState gs). The host application is a
trusted application that runs on a server, and users upload plugins to this
server, but I can't trust the plugins.
PlugIn:
- Must adhere to a specific public interface.
- Is allowed to create and maintain private state information, to be used
between calls.
- Is not allowed access to I/O, Networks, Other processes, etc.
- Will recieve some objects by reference form the host, but has only read
capabilities on these objects. If this is not possible, it will recieve
objects by value only.
Host:
- Can kill any plugin process/thread that takes too long time.
- Can kill any plugin process/thread that takes too much memory (or maybe
limit the allowed memory size at creation of the plugin process?)
- In order to allow the host enough control over the plugin to be able to
kill it, I expect to have to run the plugin functions in a different thread
or process.
I'm pretty new to security, so how would you set up these plugins,
securitywise?